Hackers aren’t just solitary figures typing away in dark rooms like the movies suggest. Increasingly, the threats we face come from “state-level hackers,” which are organized teams either employed by or contracted by governments to target other nations, corporations, and agencies.
Recently, security experts detected one such threat from North Korean hackers exploiting a Windows vulnerability that had only just been patched. Gen Digital, a coalition of researchers from leading security software companies like Norton, Avast, Avira, and AVG, uncovered this attack. They have pointed the finger at the notorious Lazarus group, the same group responsible for the infamous Sony Pictures hack in 2014, accusing them of using a Windows zero-day exploit to target “individuals in sensitive fields” like cryptocurrency and aerospace.
As reported by Ars Technica, the Lazarus group allegedly took advantage of the CVE-2024-38193 vulnerability as recently as June. They paired this with the FudModule tool to bypass detection by security programs. The combination allowed them to gain extensive access to Windows systems and potentially execute untrusted code, giving them near-total control over compromised machines.
Gen Digital’s report suggests that such an advanced attack could be worth hundreds of thousands of dollars on the black market. However, the exact targets and what data may have been compromised remain undisclosed.
Fortunately, Microsoft patched the CVE-2024-38193 vulnerability last week, so users who keep their Windows systems up to date are protected. Although this kind of attack is typically aimed at high-level targets within governments or major corporations, it’s still a reminder not to ignore those Windows update notifications, especially if you handle sensitive information.